[webauthn] Pull Request: Don't be so strict about uv with the PRF extension. from Adam Langley via GitHub on 2023-01-04 (public-webauthn@w3.org from January 2023)

From: Adam Langley via GitHub <sysbot+gh@w3.org>
Date: Wed, 04 Jan 2023 22:16:39 +0000
To: public-webauthn@w3.org
Message-ID: <pull_request.opened-1185510072-1672870597-sysbot+gh@w3.org>

agl has just submitted a new pull request for https://github.com/w3c/webauthn:

== Don't be so strict about uv with the PRF extension. ==
Authenticators may have different PRFs for the UV and non-UV case. Thus setting uv=preferred during an assertion is fraught: it doesn't fully specify which PRF to use.

However, while implementing this, I ended up feeling that the prohibition on using uv=preferred was too strong. Sites may reasonably want to use uv=preferred and to take advantage of available PRF results. If the evaluation points are global then this isn't so silly as to justify a prohibition, I suspect.

See https://github.com/w3c/webauthn/pull/1836


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 4 January 2023 22:16:41 UTC